This Getting Started brief provides some high-level guidance around how to
properly establish the monitoring of remote employees, including what to
look for and how to appropriately respond should an issue be discovered.

This Getting Started brief provides some high-level guidance around the steps necessary to implement an Insider Threat Program (ITP) to proactively identify potential and active threats, as well as to appropriately respond should a threat arise.

An insider threat program can help make sure insider threats are detected and addressed before an insider attack happens. Many organizations are still not creating and implementing insider threat programs and need to aggressively increase their focus to better protect the organization.

Organizations put a great deal of value into their intellectual property protection. However, most organizations fail to realize that insiders pose the greatest threat to their intellectual property, making user and entity behavior analytics the most effective means of protecting intellectual property.

Measuring remote employee productivity based on results requires quantifiable metrics, which can be challenging for businesses to define. Creating metrics for measuring remote employee productivity for each person will be required, with some degree of frequent revision.

The Gramm-Leach-Bliley Act (GLBA) and the Dodd-Frank Wall Street Reform and Consumer Protection Act both provide specific guidance on data security for financial institutions. There are severe penalties for non-compliant financial institutions, ranging from fines to imprisonment.

IP theft is considered the #1 cyber threat facing manufacturers today, making manufacturing intellectual property (IP) protection a priority. As IP in manufacturing is often shared around the world, manufacturing IP protection poses a somewhat unique challenge.

GDPR compliance is about protecting personal data of EU citizens that is necessary and appropriate to collect. GDPR compliance is required for any information “that can be used to directly or indirectly identify the person,” and companies that are not GDPR compliant can face material penalties.

Your organization’s security posture is only as strong as your least secure — or least scrupulous — employee. All it takes is an IT professional forgetting to apply a patch, a manager sending sensitive data to the wrong person, or an angry systems administrator selling your intellectual property to set your business back millions of dollars.

Someday, sometime, an employee with access to sensitive data, intellectual property, or trade secrets is going to leave your company, which makes their departure risky to the organization. Sure, you’ve “trusted” them as part of their employment, but when the time comes to change jobs, you can’t always be certain about the motive for the move.

An effective insider threat program requires a mix of people, process, and technology. Over-reliance on, or neglect of, any of these three pillars has significant negative impacts on the ability of an organization to effectively

Corporate computers and information and communications systems (collectively, “electronic resources”) remain the workhorse for most businesses, even as alternatives, such as third-party text messaging services, external social media, and cloud computing, flourish.

To properly quantify the insider risk within your organization, we want to initially walk you through how to begin thinking about insider risk, as it is a more fluid and shifting concept than, say, the static risk assessment associated with whether your systems and applications are completely up to date on their patches.